
Strider Spy Group Targets Russia, China and Europe

Software security firm Symantec has identified a group called Strider that’s aiming spying-related malware at individuals and organizations in Belgium, China, Russia and Sweden. Apparently active since at least late 2011, Strider has kept a low profile and could be a nation-state attacker, Symantec said.

Strider uses “stealthy,” hard-to-detect malware called Remsec that provides backdoor access to infected computers for stealing data, logging keystrokes and other actions, according to Symantec. The organization appears to be highly selective, with only 36 attacks against seven targets detected since October of 2011.

In a separate report released today, the cybersecurity company Kaspersky Lab identified the spying group as “ProjectSauron.” The name stems from a string in the malware’s keylogger module that includes the word “Sauron,” the main villain in J.R.R. Tolkien’s “The Lord of the Rings.”

Malware Resides ‘Only in Memory’

“Strider is capable of creating custom malware tools and has operated below the radar for at least five years,” Symantec’s Security Response team wrote yesterday in a blog post. “Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker.”

The security team said it first detected Strider’s malware through its behavioral engine that uses machine learning to look for anomalous computer processes. The researchers then analyzed a sample of the Remsec malware they obtained from a customer.

Remsec uses a variety of modules that together work as “a framework that provides the attackers with complete control over an infected computer,” the Symantec team noted. The malware is difficult to detect in part because many of its features are “deployed over the network, meaning it resides only in a computer’s memory and is never stored on disk.”

Aimed at Government, Military Targets

In a report released today, Kaspersky Lab described the same malware as “ProjectSauron,” which it first detected in September.

“The suspicious module was an executable library, loaded in the memory of a Windows domain controller (DC),” Kaspersky’s Global Research and Analysis Team wrote today in a security note. “The library was registered as a Windows password filter and had access to sensitive data in cleartext. Additional research revealed signs of massive activity from a new threat actor that we codenamed ‘ProjectSauron,’ responsible for large-scale attacks against key governmental entities in several countries.”

The Kaspersky team said the malware has targeted more than 30 victim organizations in Russia, Iran and Rwanda, as well as some in Italian-speaking countries. They added that it’s likely many other targets in other regions could also be affected.

The key targets appear to be government and military organizations, scientific research centers, telecom operators and financial organizations, according to Kaspersky.

Orla Fox, Symantec’s director of security response, told Reuters that cybersecurity firms don’t often discover new types of malware like Remsec.

“Strider’s attacks have tentative links with a previously uncovered group, Flamer,” according to Symantec. Remsec’s use of modules written in the programming language Lua “is a technique that has previously been used by Flamer,” Symantec noted. “One of Strider’s targets had also previously been infected by Regin.”
